Two Fast Paths to Docker Networking with Brocade VDX

In my previous blog, I made some high-level network architecture recommendations for your Docker software ecosystem. But the best way to get started with container networking is to play with a real setup! Below, I’ve laid out a couple of the most common approaches to the first step: getting Docker software up and running alongside a Brocade VDX switch fabric. Docker helps configure the container side of networking via libnetwork and Docker Swarm. To build a complete container network solution, you’ll need to integrate your Brocade VDX fabric with Docker networking.

Here are a couple of options for how you can get orchestration and visibility across container networks and physical networks:

Container Network Configuration with Brocade Workflow Composer

Brocade Workflow Composer (BWC) enables you to write flexible workflows for automation across domains such as physical network fabrics, Docker containers, and ChatOps tools like Slack. You can write a workflow to orchestrate your network when Docker containers are spun up and post messages to tools such as Slack when network events occur.

This involves writing a simple workflow in which a BWC sensor talks to the Docker software via the Docker Swarm API to tap into network events, and BWC actions then configure the VDX switches. For example, you could create Macvlans or Ipvlans on the containers and configure the corresponding L2/L3 configuration on the switches.

You could script this yourself, or use this step-by-step guide and get up and running fast!

Container Network Visibility via Python Scripting

Now that you have containers deployed and your network is up and running, how do you find out where the containers are connected to your network? This may not matter if everything is running smoothly, but this will be the first thing on your mind if your containerized application stops working.

Getting this visibility is really easy with a Brocade fabric of VDX switches. You can write a Python script and run it via BWC or you can download and run it on VDX switches. The Python script can interact with Docker Swarm via the API to gain visibility into the containers and networks which have been created. Then, it can talk to each VDX switch via NETCONF/REST to get the physical switch information. Finally, the script can correlate the information to create a map of your physical switch ports and connected hosts in a network fabric.

Get a head start with this simple version of a Brocade VDX container tracer Python script on GitHub, which you can enhance as needed:

This is a quick example of a script which runs on VDX switches, talks to Docker Swarm, and interacts with the switch via the CLI. It collects the VLAN and port information for each container from the VDX MAC address table. The script then displays all the network connectivity information about the containers as shown in the sample output:
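The correlation step described above, as an added example (it is not the GitHub script or its output). The container IDs, names, addresses and the MAC table text are constructed samples, and the table's column layout is an assumption; the point is normalizing Docker's colon-separated MACs and the switch's dotted MACs to one form before joining them.

```python
import re

# Constructed sample: "Containers" map as returned when inspecting a Docker network.
DOCKER_NETWORK = {"Name": "macvlan100", "Containers": {
    "c0ffee01": {"Name": "web1", "MacAddress": "02:42:ac:11:00:02", "IPv4Address": "10.0.100.2/24"},
    "c0ffee02": {"Name": "db1", "MacAddress": "02:42:AC:11:00:03", "IPv4Address": "10.0.100.3/24"},
    "c0ffee03": {"Name": "cache1", "MacAddress": "02:42:ac:11:00:04", "IPv4Address": "10.0.100.4/24"},
}}

# Constructed sample; the column layout is an assumption, adjust the parser to your switch.
SWITCH_MAC_TABLE = """\
VlanId  Mac-address     Type     State   Ports
100     0242.ac11.0002  Dynamic  Active  Te 1/0/5
100     0242.ac11.0003  Dynamic  Active  Te 2/0/7
100     0050.56aa.bb01  Dynamic  Active  Te 1/0/9
"""

def norm_mac(mac):
    """Reduce colon, dash or dotted MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_mac_table(text):
    """Return {mac: (vlan, port)}; header and blank lines are skipped."""
    table = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0].isdigit():
            table[norm_mac(fields[1])] = (int(fields[0]), " ".join(fields[4:]))
    return table

def trace(network, mac_table_text):
    """Map container name -> (vlan, port), or None if the fabric has not learned it.
    Also return the MACs the switch learned that no container on this network owns."""
    learned = parse_mac_table(mac_table_text)
    owners = {norm_mac(c["MacAddress"]): c["Name"] for c in network["Containers"].values()}
    placed = {name: learned.get(mac) for mac, name in owners.items()}
    unaccounted = sorted(mac for mac in learned if mac not in owners)
    return placed, unaccounted

if __name__ == "__main__":
    placed, unaccounted = trace(DOCKER_NETWORK, SWITCH_MAC_TABLE)
    for name, where in sorted(placed.items()):
        print(f"{name:8} {where if where else 'not learned on this switch'}")
    print("MACs with no matching container:", unaccounted)
```

A MAC in the second list is usually the Docker host itself or an endpoint on another network, so treat it as something to reconcile against your inventory rather than as a fault.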

And there’s one more thing

Now that we have the basics covered, what if you want to create VXLAN tunnels in your physical network fabric to enable your Docker L2 networks to seamlessly extend across racks? This is a simple extension of what we did earlier via BWC.

A Docker Swarm API hook can trigger a workflow to automatically create a VXLAN tunnel across Top of Rack (ToR) switches to provide the L2 connectivity needed for Docker containers, and also set up everything else needed on the physical network to get your containers to talk. Container shutdown results in the tear-down of the tunnel. We’re playing with a Docker libnetwork plugin wrapper to help this workflow. The Brocade Libnetwork Plugin functions as a global libnetwork remote driver within Docker Swarm and is based on the Container Network Model.

In this way, Brocade Network Fabric provisioning can be fully automated and integrated with the lifecycle of Docker containers. This is an important aspect as micro-services are deployed and shut down in an agile fashion in a container environment. Close integration of Brocade Fabrics with the container life cycle via Brocade Workflow Composer workflows helps optimize usage of network resources in such environments.
